Jump to content

Botnets coordinated to Spamcop downtime?


Geek

Recommended Posts

Looks to me like the spammers to full advantage of the downtime today.

I went from a typical 30 to about 600 spams received today.

Slowed down since Spamcop came online... BIGTIME!

Anybody else have similar?

Cheers!

Link to comment
Share on other sites

Looks to me like the spammers to full advantage of the downtime today.

I went from a typical 30 to about 600 spams received today. ...

Good heavens, that's utterly obscene. I think botnets are not much bothered by SC, I would suspect some other explanation (even though your volumes declined when SC reporting came back).

Your provider doesn't filter and drop inwards spam? (or you have that turned off?). My provider's (switchable) filtering picks up about 99.7% of spam judging by comparative volumes but that may be a higher proportion (uses IronPort) than many achieve - even so, your experience 'feels' more like a failed filter. If all/most people were getting that sort of increase I think there would have been an international uproar before this!

Link to comment
Share on other sites

I did not see anything like this on any of the accounts I own.
Nor have I. Of course, SC is still not acccessible to me yet, but webmail says that I only accumulated one message while the servers were down.

-- rick

Link to comment
Share on other sites

Looks to me like the spammers to full advantage of the downtime today.

I went from a typical 30 to about 600 spams received today.

I think this is just your lucky day :rolleyes:

My spam volume has been about the same.

Link to comment
Share on other sites

Hi Farelf,

Good heavens, that's utterly obscene. I think botnets are not much bothered by SC, I would suspect some other explanation (even though your volumes declined when SC reporting came back).

And she's back down to normal today! :)

Maybe Spamcop does better at helping ISP's stop spam on the outgoing side than we think?

Your provider doesn't filter and drop inwards spam? (or you have that turned off?).

Yes, it's switched off.

It's not switchable and I had to email the ISP tech's to do it. I had to explain that I was a Spamcop reporter (and on *nix) before they did it.

I also had to have them switch it off, otherwise the email reporting system was blocked by them (detected the spam in the email).

Hi Lking,

I think this is just your lucky day :rolleyes:

My spam volume has been about the same.

It could very well be! :lol:

I usually see spikes like this at certain times of the year, when students get new computers for school or seasonal holidays. But the coincidence with the Spamcop downtime was too good to let a conspiracy theory pass :ph34r:

Cheers!

Link to comment
Share on other sites

...Maybe Spamcop does better at helping ISP's stop spam on the outgoing side than we think?...
That would be wonderful.

I do note that there's been a largely unremarked takeover of routers happening in the background. In this part of the world it has been manifesting as repeated telnet probes on port 23 (how many people check their router firewall logs?) from within the user's own ISP network. Something has been quietly setting up. One or two folk have probed back to sources and found they could log in to 'zombie' routers the other end (always default user-password) - this affects a subset of those routers with embedded Linux firmware (no Windows in sight), a psybot variant in several different manifestations it seems. You want conspiracy theory? Nah, let's not go there :D (let's all just be very careful). But that sudden surge is really worrisome ... well, it is tempting to drop into paranoia mode. Then there's the building wave of cornficker/downloadup ...

Link to comment
Share on other sites

I do note that there's been a largely unremarked takeover of routers happening in the background. In this part of the world it has been manifesting as repeated telnet probes on port 23 (how many people check their router firewall logs?) from within the user's own ISP network. Something has been quietly setting up. One or two folk have probed back to sources and found they could log in to 'zombie' routers the other end (always default user-password) - this affects a subset of those routers with embedded Linux firmware (no Windows in sight), a psybot variant in several different manifestations it seems.

Thanks for the tip... looks like we're clean here.

But, pretty ingenious.... a router is designed to keep suspicious activity out from the WAN side, not the LAN side. Surprised no one did that before.

Cheers!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...